On Wed, 28 Jul 2004 09:28:55 -0700 (PDT), Mike wrote in message <[EMAIL PROTECTED]>:
> > --- Arnt Karlsen <[EMAIL PROTECTED]> wrote: > > > On Wed, 28 Jul 2004 13:10:46 +1000, Daniel wrote in message > > <[EMAIL PROTECTED]>: > > > > > One thing which will *not* enhance security, but is often claimed > > > to do so, is disabling kernel modules. Even if you don't use > > > them, an attacker with root privileges can still insert code into > > > the running kernel successfully, with the same result as loading a > > > kernel module. > > > > ..this would requires the presence of the loadable module, > > or _could_ the attacker provide it? > > > You need root todo module loading. With root you can also change > kernel memory, so yes you could force a module to load. It would be > simpler just to add the missing code you need to the running kernel > and then link it in. None the less if you have root access the only > reason you might need to load any kernel side code is for DMA or > handeling HW interupts. Since it's unlikely that an attacker would > need or even care to do these things the point is moot. Bottome line > is if an attacker gets root it's ALL over, they can install any > software thay might need. ..so basically, this boils down to whether or not it is possible to grab root with some kinda netcat stunt. -- ..med vennlig hilsen = with Kind Regards from Arnt... ;-) ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case.
